10 matches found
EUVD-2025-21051
Malicious code in bioql PyPI...
EUVD-2023-50470
Malicious code in bioql PyPI...
CVE-2025-28244
Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover...
CVE-2025-28244
Insecure Permissions vulnerability in the Local Storage in Alteryx Server 2023.1.1.460 allows remote attackers to obtain valid user session tokens from localStorage, leading to account takeover...
PT-2025-29129 · Alteryx · Alteryx Server
Name of the Vulnerable Software and Affected Versions: Alteryx Server version 2023.1.1.460 Description: An insecure permissions issue in the local storage component of Alteryx Server allows remote attackers to obtain valid user session tokens from localStorage, potentially leading to account...
PT-2024-13846 · Grandstream · Grandstream Gxp16Xx +1
Name of the Vulnerable Software and Affected Versions: Grandstream GXP14XX version 1.0.8.9 Grandstream GXP16XX version 1.0.7.13 Description: An issue was discovered that allows remote attackers to escalate privileges via incorrect access control using an end-user session-identity token...
CVE-2023-46231
In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on...
Design/Logic Flaw
In Splunk Add-on Builder versions below 4.1.4, the application writes user session tokens to its internal log files when you visit the Splunk Add-on Builder or when you build or edit a custom app or add-on...
CVE-2021-42948
HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session id's...
LiveQuery publishes user session tokens in parse-server
Impact For regular non-LiveQuery queries, the session token is removed from the response, but for LiveQuery payloads it is currently not. If a user has a LiveQuery subscription on the Parse.User class, all session tokens created during user sign-ups will be broadcast as part of the LiveQuery...